Archive for July, 2005

Moving beyond backup - towards recovery & archiving

Monday, July 18th, 2005

How often does the same file or record get backed up, even though the content has not changed?

Backup, recovery, and archiving operations must be faster and more efficient than ever to keep information available, productivity high, and storage costs in control. You are cordially invited to attend the free Beyond Backup seminar and find out how EMC solutions can help.

Venue: Manila A & B, Ground Floor, Makati Shangri-La Hotel
Date: Friday, July 29 2005
Time: 8.00 a.m. to 12.45 p.m.

The seminar aims to introduce EMC’s range of integrated Backup, Recovery and Archiving solutions, all designed to help keep your data safe, highly available and in line with recovery requirements.

Find out also how these best-of-breed solutions offer a new, tiered approach to archiving across the entire lifecycle of the data. As well as new efficiencies and reduced costs, these solutions also offer comprehensive protection in a time of increasing regulatory compliance.

Agenda:
08.30 a.m. Registration
09.00 a.m. Welcome & EMC Update
09.15 a.m. New Strategies for Backup, Recovery & Archiving
09.30 a.m. The Business Case for Backup to Disk
10.00 a.m. Break
10.30 a.m. Active Archiving with Content Addressable Storage
11.00 a.m. Application-Specific ILM with Xtender Family
11.30 p.m. Assessing your Backup, Recovery and Archive Requirements
12.00 p.m. Clinic Session
12.30 p.m. End

Make a date in your diary for this FREE seminar

Archiving the key data and applications your business runs is no longer optional – it’s a business imperative. So register for this seminar now at philippines.emc.com/buraseminarPH/, or by emailing with your name, surname, company name, title and business contact details. Registration closes on 27 July 2005.

Personal Wireless Security Devices and Software Mailing List

Monday, July 18th, 2005

Posted from: John Kleinschmidt

Greetings!

PersonalWireless.org is happy to announce the creation of the ‘Personal Wireless Security Devices and Software List’.

This list was created to discuss issues related to personal wireless devices such as the Blackberry, Palm devices, smartphones and any of the new technologies being developed for the corporate, personal and home wireless market.

For more information and details on this list, including subscription, please see:

http://www.c2security.org/mailman/listinfo/bb-security

Thank you for your time,

John Kleinschmidt

Cellular Forensics & Data Recovery

Sunday, July 17th, 2005

Most folks don’t believe that their cellphone nowadays is a computer, but it is. There are several operating systems used for cellphones. There’s PalmOS, Linux, several variants on Microsoft’s Windows CE (e.g., PocketPC for Phones, Windows Mobile), and the Symbian Series 40, 60, UIQ, versions 8 & 9 and the list goes on.

With a common operating system come common data management utilities. That leads to the ability to share knowledge on how the systems work, and what follows is how to hack in to recover data, either data lost by accident or concealed/destroyed with intent.

NIST created a report last year on recovering data from PalmOS, Linux and Windows CE and appropriate forensics tools for the task.

Tom’s Hardware mentioned a forensic tool from Paraben Forensics Tools in their article “Crime Fighters solve crimes by examining cell phones” last March 21, 2005.

The tool from Paraben Forensics is called Cell Seizure v2.0.

Yes there are several other tools for this kind of stuff but you guys might want to check out their demo version. ;-)

Microsoft Security Advisory (904797): Vulnerability in Remote Desktop Protocol (RDP) Could Lead to Denial of Service

Sunday, July 17th, 2005

Microsoft is investigating new public reports of a vulnerability in Remote Desktop Services. We have not been made aware of attacks that try to use the reported vulnerability or of customer impact at this time, but we are aggressively investigating the public reports.

Our initial investigation has revealed that a denial of service vulnerability exists that could allow an attacker to send a specially crafted Remote Desktop Protocol (RDP) request to an affected system. Our investigation has determined that this is limited to a denial of service, and therefore an attacker could not use this vulnerability to take complete control of a system. Services that utilize the Remote Desktop Protocol are not enabled by default, however if a service were enabled, an attacker could cause this system to restart.
Note Remote Desktop is enabled by default on Windows XP Media Center Edition.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Microsoft continues to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone’s best interests by helping to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities with no exposure to malicious attackers while a security update is being developed.

Mitigating Factors:

• Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

• By default, services that utilize the Remote Desktop Protocol (RDP) are not enabled.
Note Remote Desktop is enabled by default on Windows XP Media Center Edition.

More info @ Microsoft

Ten Year old becomes Microsoft Engineer

Saturday, July 16th, 2005

Arfa Karim Randhawa meets Bill and is given a tour of Redmond.

Arfa Karim Randhawa, aged 10, has become the youngest person to be certified as a Microsoft engineer. Randhawa passed her Microsoft Certified Professional examinations last year. She met Bill Gates this week and was taken on a tour of Microsoft’s Redmond campus.

The 10 year-old, from Faisalabad in Pakistan, asked Gates why children were not allowed to work for Microsoft and was told that they should concentrate on their school studies.

But he explained that Microsoft has an intern programme which would be available to her once she reached high school level. Randhawa also asked why there are so few women in the company, suggesting that Microsoft should have an equal number of men and women.

Gates replied that it is sometimes difficult to get women interested in technology.

More info @ vunet

BoxPH featured @ EC-Council’s Honor Roll

Saturday, July 16th, 2005

I just noticed that I’m featured at EC-Council’s Honor Roll for Philippines.

See other fellow infosec professionals from other countries featured in EC-Council’s Honor Roll.

Thanks hunee! ;-)

MS Beta Exam 71-139 Deploying Business Desktops with Microsoft Windows Server 2003 and Microsoft Office 2003

Saturday, July 16th, 2005

Microsoft launched a new Beta exam for the MCSE 2003 track. The exam is 71-139: Deploying Business Desktops with Microsoft Windows Server 2003 and Microsoft Office 2003. It is a replacement for the current exam 70-281. It will revert to exam code 74-139 after the beta period.

Microsoft is offering it for free to beta testers and will give credit towards the MCSE by way of an elective exam pass. This beta exam will be offered through August 22 by Pearson VUE and Thomson Prometric.

More information about Beta exams is available here: http://www.microsoft.com/learning/mcpexams/status/beta.asp

Cisco Unveils ‘Packetville’ – Web Portal for Education

Tuesday, July 12th, 2005

Cisco’s Networking Academy, an online learning program that teaches students fundamental IT skills, announced the launch of Packetville, a Web portal with interactive educational content designed for schoolchildren ages eight through 14, and their parents, instructors and guidance counselors.

Check it out @ Cisco Packetville

Career Guide: Decoding the Information Security Profession

Monday, July 11th, 2005

Microsoft together with (ISC)2 created a “career guide” to spark interest for the information security profession among high school and college students.

The guide was distributed last month to more than 3,500 school counselors, administrators and educators at education conferences and has been made available online, the International Information Systems Security Certification Consortium, or (ISC)2, said this week.

Microsoft sponsored the 35-page guide, which is titled “Decoding the Information Security Profession.” The booklet offers a description of information security, typical jobs, titles, industries and organizations, professional requirements, certification options, typical salaries, career outlook, and a listing of schools, education facilities, certification companies and other resources and associations.

The guide gives a good introduction on the current infosec career scenario but it lacks several certifications provided by other security certification providers.

Grab a copy of the guide from (ISC)2

Exchange Server 2003 Security Hardening Guide

Monday, July 11th, 2005

Read the entire Exchange Server 2003 Security Hardening Guide online or download the Exchange Server 2003 Security Hardening Guide.

This guide is designed to provide you with essential information about how to harden your Exchange Server 2003 environment. In addition to practical, hands-on configuration recommendations, this guide includes strategies for combating spam, viruses, and other external threats to your Exchange 2003 messaging system.

Grab a copy from Microsoft

Microsoft Security Bulletin Advance Notification

Sunday, July 10th, 2005

On 12 July 2005 Microsoft is planning to release:

1. Microsoft Security Bulletins affecting Microsoft Windows. The greatest aggregate, maximum severity rating for these bulletins is Critical. Some of these updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA).

2. Microsoft Security Bulletin affecting Microsoft Office. The greatest aggregate, maximum severity rating for this bulletin is Critical. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA).

CompTIA Raises Exam Fees

Saturday, July 2nd, 2005

As of July 1, 2005, CompTIA increased all fees to their exams by 5%.

According to CompTIA the increase was brought about by the added costs of delivering the exams… I just wonder what added costs would that be…